An Information Security Management System (ISMS) is a process approach to managing information security within an organization. An ISMS is based on ISO standards 27001 and 27002, and its design and implementation are influenced by the organization’s needs and objectives, IT security requirements, the processes employed, and the size and structure of the organization. These factors and their supporting systems are expected to change over time. An ISMS implementation is expected to be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution.
A typical ISMS consulting project from Pearl Technology includes:
- A Penetration Test
- A Security Audit
- Assistance in the development of an internal Security Team
- A one-year IT Security Strategy Plan (ISMS Plan)
- Up to five additional Supporting IT Security Policies
- One defined Private Information Asset Workflow Report
- Quarterly consultation on the ISMS process for one year
"We engaged Pearl Technology to provide a security assessment, which was very educational and helped identify a variety of areas we could improve upon. The areas spanned from network, server, and application configuration to recommendations for improving policies, training of employees, and the formation of an internal security review team. We were pleased with the findings and the roadmaps provided."
IT Director, Insurance Broker/Marketer/Administrator—Latham, NY